MPLS VPN Question

Unanswered Question
Jul 27th, 2010
User Badges:

Hello :


   I have one problem establishing conection between two VPN sites. I have CE-PE routing protocol running OSPF. I am

sharing the topology and I want to achieve.



CE(R7)______PE1-----------------------PE2___________CE (BB1)VPN_A)


                        |                                     |

                        |                                     |

                        P________________________P



ON CE  (R7)


I could able to see the routes of BB1. But unable to ping R7 to BB1 vice versa. PE1 & 2 both are running MPBGP and customer

OSPF routes have been redistributed into MPBGP. Lets say an example if i want to ping loopback address of BB1 from R7 , I am

unable to ping. I see the routes are being advertised in R7. Next hop is reachable. If I do trace route , I see the packet is

dropping on after it hits the PE1 router.


Any thought would be much appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Edison Ortiz Tue, 07/27/2010 - 05:17
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

You may have a problem with labels within the MPLS Backbone.


Check the mpls forwarding table on all P and PE routers.


Regards,



Edison

sampusarkar Tue, 07/27/2010 - 08:42
User Badges:

Hello Edison :


  Thanks for your reply. This is the following MPLS forwarding table I have for my two cores ( R1 & R5).



R1

===========


R1#show mpls forwarding-table


Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop   
Label  Label or VC   or Tunnel Id      Switched      interface             
16     Pop Label     5.5.5.5/32        0             Gi2/0      10.2.1.2   
17     Pop Label     10.1.2.0/24       570           Gi2/0      10.2.1.2   
18     18            6.6.6.6/32        79960         Gi2/0      10.2.1.2   
19     Pop Label     3.3.3.3/32        64200         Gi1/0      10.1.1.3   
R1#show mpls
R1#show mpls for


R1#show mpls forwarding-table  10.10.10.10
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop   
Label  Label or VC   or Tunnel Id      Switched      interface        


This is 10.10.10.10 is loopback address of BB1 I was trying ping but apparantly it is failing. How to fix that? I have mpls runnning all interface in P routers.






Chetan Kumar Ress Tue, 07/27/2010 - 11:58
User Badges:
  • Silver, 250 points or more

Hi Sam


If possible can you share the config , it will help us to understand the your topology & able to trouble shoot.


or Please refer the below document where the same configuration is done.


Note : Your  10.10.10.10 is loopback IP on BB1 is not is MPLS lable table , You should check in show mpls forwarding-table  vrf ( name )


or check sh ip bgp vpnv4 vrf (name) ----wether you are able to see the route 10.10.10.10.


https://supportforums.cisco.com/docs/DOC-11383


Regards

Chetan Kumar

west33637 Tue, 07/27/2010 - 13:18
User Badges:

Hello.


Ensure that BB1s loopback (10.10.10.10) and R7's loopback is reachable via OSPF. make sure that the PE routers are advertising those loopbacks into the OSPF process. Also ensure that the P routers are advertising their loopbacks into OSPF. They must advertise their loopbacks because thats what MPLS will use to peer with. IP cef should be enabled by default. If not, enable it on all P and PE routers.


Also it wont hurt to issue the following command to check if all your PE and P routers have neighbor adjacencies - sh mpls ldp nei


In your topology the P routers should have 2 LDP neighbors - 1 to the adjacent PE router and 1 to the other P router.


If you dont see all the adjacencies, configure mpls ip on all the adjacent interfaces so that they can form adjacencies.


loopback advertisement example


router ospf 1

network 10.10.10.10 0.0.0.0 area 0


on the P routers do a sh ip ro ospf and check to ensure that you see 10.10.10.10 and also the loopback of R7.


also on the P routers do a sh ip cef 10.10.10.10  ---- you should see a forwarding path now in the CEF table


also check the MPLS forwarding table - sh mpls forwarding-table 10.10.10.10 --- you should see an entry now in the MPLS forwarding table.


the reason you cant ping from one end to another is because your core network does not have a label forwarding path to the loopbacks of the PE routers.


fix the MPLS core and you'll most likely fix the VPN, unless you have some other configuration issues at the PE.



Please remember to rate if it helps.

sampusarkar Wed, 07/28/2010 - 01:59
User Badges:

Dear All :


   Thanks for your valuable suggestions. I guess I have already built end to end MPLS path. However, I am attaching the config

details of each router. Maybe I am missing some config.


R3:(PE1)

==============


R3#sh ip bgp vpnv4 vrf VPN_A 10.10.10.10


BGP routing table entry for 10:3:10.10.10.10/32, version 10
Paths: (1 available, best #1, table VPN_A)
  Not advertised to any peer
  200, imported path from 10:6:10.10.10.10/32
    6.6.6.6 (metric 4) from 6.6.6.6 (6.6.6.6)
      Origin incomplete, metric 65, localpref 100, valid, external, best
      Extended Community: RT:10:6 OSPF DOMAIN ID:0x0005:0x000000020200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:12.1.1.2:0
      mpls labels in/out nolabel/21




I do see route of BB1. Same for R6 (PE2) as well.


R6 ( PE2)

=========


R6#show ip bgp vpnv4 vrf VPN_A 10.10.10.10


BGP routing table entry for 10:6:10.10.10.10/32, version 4
Paths: (1 available, best #1, table VPN_A)
  Advertised to update-groups:
        1


  Local
    12.1.1.3 from 0.0.0.0 (6.6.6.6)
      Origin incomplete, metric 65, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:10:6 OSPF DOMAIN ID:0x0005:0x000000020200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:12.1.1.2:0
      mpls labels in/out 21/nolabel


R7

========



R7#sh ip route 10.10.10.10


Routing entry for 10.10.10.10/32
  Known via "ospf 1", distance 110, metric 3, type inter area
  Last update from 10.1.1.2 on GigabitEthernet1/0, 01:44:30 ago
  Routing Descriptor Blocks:
  * 10.1.1.2, from 33.33.33.33, 01:44:30 ago, via GigabitEthernet1/0
      Route metric is 3, traffic share count is 1


I do have a route to BB1.


LDP path is built R3 to R6.


I am attaching the config.


Regards

Arjun

Mohamed Sobair Wed, 07/28/2010 - 03:24
User Badges:
  • Gold, 750 points or more

Hi,


Could you please post the following:


1- show mpls ldp binding 10.10.10.0 from (R3 & R6)

2- show mpls forwarding-table from (R3 & R6)


Mohamed

u1kumar2002 Wed, 07/28/2010 - 04:24
User Badges:

Hi ,

      As per your attached the configuration, I will suggest you

1.Plz modify the ip vrf config on both the routers.
ip vrf VPN_A
rd 10:3
route-target import 10:3
route-target export 10:3
Configure same on R3 and R6, No need of different route-targets, Since its a simple vpn. Use of multiple route targets values are recommended in complex VPN's.
2. No need to configure mpls ip for vrf interface.
3. why R6 is having
router ospf 2 vrf VPN_A
network 10.0.0.0 0.255.255.255 area 0 (since S3/0 interface is having ip add 12.1.1.0/24, No need of this)
4.Is the MPLS clould is having two AS ? if its simple VPN use single AS and run IBGP between R3 & R6, Then form MP-BGP neighborship,otherwise if bgp neighborship should be proper.
5. Use /32 mask for loopback interface in R3 and R6 which are used for BGP peering, make sure both are reachable by IGP.
At last you can confirm the result with with following commands on both routers R3 and R6 ,
show ip bgp vpnv4 all
sh ip route vrf VPN_A
ping vrf VPN_A x.x.x.x



For a similar example in GNS3  , Plz find the attachment of lab and you can visit below link :

http://startnetworks.blogspot.com/2010/07/mpls-l3-vpnsham-link-as-override.html



Uttam

Actions

This Discussion

Related Content